From c79559751156f009c22e1b8f1f0d61e2cb4f7082 Mon Sep 17 00:00:00 2001
From: Franck Nijhof <git@frenck.dev>
Date: Sun, 31 Jul 2022 18:00:42 +0200
Subject: [PATCH] Improve authentication handling for camera view (#75979)

---
 homeassistant/components/camera/__init__.py | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/homeassistant/components/camera/__init__.py b/homeassistant/components/camera/__init__.py
index 3bf86dedea1..77bd0b57f1c 100644
--- a/homeassistant/components/camera/__init__.py
+++ b/homeassistant/components/camera/__init__.py
@@ -14,7 +14,7 @@ import os
 from random import SystemRandom
 from typing import Final, Optional, cast, final
 
-from aiohttp import web
+from aiohttp import hdrs, web
 import async_timeout
 import attr
 import voluptuous as vol
@@ -715,8 +715,11 @@ class CameraView(HomeAssistantView):
         )
 
         if not authenticated:
-            if request[KEY_AUTHENTICATED]:
+            # Attempt with invalid bearer token, raise unauthorized
+            # so ban middleware can handle it.
+            if hdrs.AUTHORIZATION in request.headers:
                 raise web.HTTPUnauthorized()
+            # Invalid sigAuth or camera access token
             raise web.HTTPForbidden()
 
         if not camera.is_on: